A cryptographic protocol compiler for multiparty sessions
Proceedings of the 2009 ACM SIGPLAN workshop on ML
Secure Enforcement for Global Process Specifications
CONCUR 2009 Proceedings of the 20th International Conference on Concurrency Theory
Developing security protocols by refinement
Proceedings of the 17th ACM conference on Computer and communications security
Sessions and session types: an overview
WS-FM'09 Proceedings of the 6th international conference on Web services and formal methods
A theory of design-by-contract for distributed multiparty interactions
CONCUR'10 Proceedings of the 21st international conference on Concurrency theory
Session types for access and information flow control
CONCUR'10 Proceedings of the 21st international conference on Concurrency theory
Refinement types for secure implementations
ACM Transactions on Programming Languages and Systems (TOPLAS)
Dynamic multirole session types
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
AnBx: security protocols design and verification
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Typechecking higher-order security libraries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Scribbling interactions with a formal foundation
ICDCIT'11 Proceedings of the 7th international conference on Distributed computing and internet technology
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Modular code-based cryptographic verification
Proceedings of the 18th ACM conference on Computer and communications security
Self-certification: bootstrapping certified typecheckers in F* with Coq
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Formally based semi-automatic implementation of an open security protocol
Journal of Systems and Software
Parameterised multiparty session types
FOSSACS'10 Proceedings of the 13th international conference on Foundations of Software Science and Computational Structures
G2C: cryptographic protocols from goal-driven specifications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Security goals and protocol transformations
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Structured Communication-Centered Programming for Web Services
ACM Transactions on Programming Languages and Systems (TOPLAS)
Web services verification and prudent implementation
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Distributed orchestration of web services under security constraints
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Asynchronous distributed monitoring for multiparty session enforcement
TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
Deadlock-freedom-by-design: multiparty asynchronous global programming
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JavaSPI: A Framework for Security Protocol Implementation
International Journal of Secure Software Engineering
Logical foundations of secure resource management in protocol implementations
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Sessions and separability in security protocols
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Establishing and preserving protocol security goals
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.00 |
We present the design and implementation of a compiler that, given high-level multiparty session descriptions, generates custom cryptographic protocols. Our sessions specify pre-arranged patterns of message exchanges and data accesses between distributed participants. They provide each participant with strong security guarantees for all their messages. Our compiler generates code for sending and receiving these messages, with cryptographic operations and checks, in order to enforce these guarantees against any adversary that may control both the network and some session participants. We verify that the generated code is secure by relying on a recent type system for cryptography. Most of the proof is performed by mechanized type checking and does not rely on the correctness of our compiler.We obtain the strongest session security guarantees to date in a model that captures the executable details of protocol code. We illustrate and evaluate our approach on a series of protocols inspired by web services.